Last updated at Tue, 12 Dec 2023 19:39:36 GMT

This 3-part series explores the critical role logs play in maintaining regulatory compliance and provides specific examples of known events to look for and how to evaluate different compliance tools.

Logging for PCI Compliance

For organizations looking to achieve and maintain PCI compliance, requirements related to the secure retention of log data are common.

The secure retention of log data is critical for a variety of reasons. Aside from being a mandatory requirement of many compliance regulations, it's estimated that it often takes a company more than 200 days to realize its environment has been compromised. Upon identifying a breach, reviewing log data from the last 6 months or year is often necessary to assess the full impact of the breach. Intruders are also likely to look for ways to cover their tracks, making breaches harder to identify. If an intruder can gain access to and manipulate log data, important evidence can be erased.

Below is an excerpt from our latest white paper that explores guidelines for securely retaining log data.

Logging for PCI Compliance: Secure Retention

Secure Retention

All compliance regulations dictate that logs must reside in a secure, centralized location. The integrity of logs is vital, so it must be provable that they are unaltered after being collected. Most compliance regulations also specify requirements for how long logs must be stored. For example, PCI DSS requires logs remain searchable for up to 3 months and are retained for up to 1 year. A log management tool can be used to consolidate all log events into a single, secure location. For example, a hosted log management service can help in the following ways:

  • Store all logs remotely, separate from running systems
  • Maintain an unaltered copy of log data to compare against local logs
  • Offer direct integration with Amazon S3 for long-term storage
  • Collect and centralize data from many sources, systems and formats, including:
    - Applications
    - Workstations
    - Servers
    - Databases
    - Networks
    - Firewalls
    - Routers
    - Hosted Platforms
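
As an added illustration of the "unaltered copy to compare against local logs" point above (example code written for this page, not part of the white paper or any Rapid7 product), the script below shows how a central store can keep a chained HMAC over each collected line and later check a local copy against it; the log lines and the key are constructed, and the key is assumed to live only with the central store.

```python
import hashlib
import hmac

# Constructed sample of application log lines as received by the central store.
RETAINED_LOGS = [
    "2023-12-01T10:00:01Z auth login user=alice src=10.0.0.5 result=ok",
    "2023-12-01T10:00:07Z auth login user=bob src=10.0.0.9 result=fail",
    "2023-12-01T10:01:15Z payment charge id=TX1001 amount=42.00 result=ok",
    "2023-12-01T10:02:30Z auth login user=bob src=10.0.0.9 result=ok",
]

# Constructed demo key; in practice it is held only by the central store, so a
# host that was compromised cannot recompute the chain after editing its logs.
STORE_KEY = b"constructed-demo-key"


def chain_digests(lines, key=STORE_KEY):
    """One HMAC-SHA256 per line, each also covering the previous digest, so that
    editing, deleting, inserting or reordering any line breaks every later digest."""
    prev = b""
    digests = []
    for line in lines:
        mac = hmac.new(key, prev + line.encode("utf-8"), hashlib.sha256).digest()
        digests.append(mac.hex())
        prev = mac
    return digests


def verify_local_copy(local_lines, retained_digests, key=STORE_KEY):
    """Compare a local log copy with the digest chain kept by the central store.
    Returns (True, None) if identical, else (False, index of first mismatch);
    for a truncated or padded copy the index is where the shorter side ends."""
    local_digests = chain_digests(local_lines, key)
    common = min(len(local_digests), len(retained_digests))
    for i in range(common):
        if not hmac.compare_digest(local_digests[i], retained_digests[i]):
            return False, i
    if len(local_digests) != len(retained_digests):
        return False, common
    return True, None


if __name__ == "__main__":
    retained = chain_digests(RETAINED_LOGS)
    # A local copy with the failed login removed is caught at that position.
    tampered = RETAINED_LOGS[:1] + RETAINED_LOGS[2:]
    print(verify_local_copy(RETAINED_LOGS, retained))  # (True, None)
    print(verify_local_copy(tampered, retained))       # (False, 1)
```

Because the chain is ordered, the first mismatching index also tells the investigator from which point onward the local copy can no longer be trusted.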

User Permissions

When working within a team, it may be necessary to give other team members access to your log management tool for search and analysis. When doing so, it’s important to consider whether the team members should be able to make changes to your log management tool. In general, a log management tool should:

  1. Prevent any user (including admins) from deleting logs.
  2. Offer role permissions to prevent non-admins from changing which logs are collected or stored.
